[mod_python] Protecting Web apps from too many simultaneous clicks/Hacking

Michael S. Fischer michael at dynamine.net
Thu May 13 13:19:09 EDT 2004


This is way off topic, but..

You mention AOLserver for serving static files -- I had a long discussion
with one of the AOLserver proponents (Phil Greenspun formerly of photo.net)
a few years ago on the very subject, and he advised me (and I concur) that
it's really hard to serve static files any faster than Apache can on a
system with sendfile() in the C API.  Linux has had sendfile() for a while
now, as does FreeBSD.

Where AOLserver shines is with concurrent execution of TCL-based scripts.

Finally: try to use the right tool for the job.  While adding another layer
might seem like additional work, many projects have failed because of
needless delays and frustration by developers trying to reinvent the wheel.
NIH ("not invented here") is a terrible plague.

--Michael

> -----Original Message-----
> From: mod_python-bounces at modpython.org 
> [mailto:mod_python-bounces at modpython.org] On Behalf Of 
> SAiello at Jentoo.com
> Sent: Thursday, May 13, 2004 2:19 PM
> To: mod_python at modpython.org
> Subject: Re: [mod_python] Protecting Web apps from to many 
> simultaneousclicks/Hacking
> 
> Thanks for all the good info and suggestions.
> 
> I have done a bit of browsing and checking of Apache's server 
> settings so far. 
> I would like to have the 'protection' either a part of Apache 
> or mod_python. 
> I prefer to try to use functions of the software I am already 
> using, than having to add another application/software layer. 
> Since mod_python was managing authentication and my sessions, 
> I figured that was the best place to start.
> 
> Performance tuning/tweaking is definitely on the schedule. 
> But I do not see app protection and performance tweaking as 
> the same. I would like to make the app be able to protect 
> itself, as long as it is simple and does not add too many CPU 
> cycles. Besides, if the app has some basic protection written 
> into it, and I use bandwidth throttling, I then have two 
> separate layers of protection. 
> 
> As to splitting the site, that's another long term plan. For 
> images I was thinking of using AOLServer. I have read a few 
> articles saying that as an image server/cache it is very 
> fast. Though all my images have been custom made by me, and 
> are very small in size. So far the biggest is 1,126 bytes.
> 
> I am just not writing yet another webmail client. What I am 
> writing is a webmail client for my email system I have put 
> together. The design goal is to have many small nodes that 
> are redundant for each other and spread the load. 
> Back end systems (IMAP, filtering, SMTP, etc) are already 
> done.  I just need a GUI to glue all the bits together for 
> the user :) Sorry if I went off topic on what I am trying to do.
> 
> Thanks,
>   Steven
> 
> On Thursday 13 May 2004 02:34 pm, you wrote:
> > A google for "apache 2.0 bandwidth" turned up 
> > http://www.topology.org/src/bwshare/README.html as the first hit.
> >
> > You also want to spend some time understanding apache's server
> > settings and performance tuning (there is lots of stuff on this at
> > the apache site), and possibly the IMAP server's as well.  If you
> > need tighter controls still, I'd look into traffic shaping tools at
> > the firewall level.
> >
> > I think it would be overkill for webmail, but another long term
> > option is splitting the site into separate servers, so images and
> > static content are served from one server while the app resides on
> > another server with more horsepower behind it.  This will also allow
> > separate traffic controls to dynamic and static content, so image
> > requests don't get queued behind application processing.
> >
> > Mike